Proven security with independent validation
The lack of critical security and cryptanalysis of tokenization systems limits adoption and effectiveness in protecting data. Independent proofs and security validation are critical to meet compliance mandates and reduce breach risk. Voltage SST technology’s foundations in proven principles and independent validation give organizations and auditors the necessary assurance and peace of mind that security and scope reduction are proven, not just claimed.

Increased business performance and efficiency
SST technology supports the business with high performance, payment processor-grade high availability, 100% data consistency, and linear scalability for business demand growth. Open systems and native mainframe support permits distribution of tokenization across geographies and systems without messy databases or card data vault operation and synchronization

Voltage Secure Stateless Tokenization (SST) Technology

There is a new tokenization technology for companies that want to reduce compliance scope, cut costs and complexity, and maintain busi- ness processes with advanced security – not just on implementation, but also as the business evolves and grows.

The Voltage Security SST technology is an advanced, patent pending, data security solution that provides enterprises, merchants and payment processors with a new approach to help assure protection for payment card data. Voltage SST technology is offered as part of the Voltage SecureData Enterprise data security platform that unites market-leading Voltage Format-Preserving Encryption, Voltage SST technology, data masking and Voltage Stateless Key Management to protect sensitive corporate information in a single comprehensive solution.

Voltage SST technology is “stateless” because it eliminates the token database which is central to other tokenization solutions, and removes the need for storage of cardholder or other sensitive data. Voltage Security has developed an approach to tokenization that uses a set of static, pre-generated tables containing random numbers created using a FIPS random number generator. These static tables reside on vir- tual “appliances” – commodity servers – and are used to consistently produce a unique, random token for each clear text Primary Account Number (PAN) input, resulting in a token that has no relationship to the original PAN. No token database is required with SST technology, thus improving the speed, scalability, security and manageability of the tokenization process.

Security Proof

Voltage SST technology is designed to substantially increase data security over alternative tokenization solutions. Eliminating token data- bases and stored data also removes high-value data targets for hackers, and reduces the risk of data breach. With Voltage SST technology, the resulting tokens cannot be related back to the original sensitive data.

Additionally, Voltage SST technology has been developed by cryptography experts, is based on published and proven academic research and standards, and validated by a top third-party Quality Security Assessor (QSA) and independent cryptography experts. It effectively miti- gates risk of security breaches, and is proven for PCI DSS compliance and maximum audit scope reduction.

The Voltage SST Technology Difference:

Reduced compliance scope and costs

Voltage SST removes the storage of card data, and does so without requiring token databases that are mapped to the underlying card data and are costly to maintain. This dramatically reduces the number of applications and systems that are considered in-scope for compliance assessments. Eliminating token databases from the solution:

The static tables are securely replicated to all servers where tokenization will occur.

Increased business performance and responsiveness

The SST architecture assures high availability and throughput to support any current business processes. For transaction processors, including payment switches, tokenization service provid- ers, and card issuers, Voltage SST technology is a secure, high-performance solution that meets carrier-grade and payment-processor grade high availability requirements, provides 100% data consistency, and will scale linearly so that they can generate hundreds of millions of tokens to represent card numbers for internal use or to provide tokenization service to merchants.

Voltage SST is designed for high performance to support business processes and demand growth.

High-speed tokenization is performed in-memory without bottle-necking or degradation.

There are no software pre-requisites. Voltage SST works with virtually all languages and platforms, so the solution integrates easily into existing IT environments, including mainframe and mid-range.

Features & Benefits:

Works with all platforms and languages; easily integrates with existing IT environments

Fast Deployment

Voltage SST can be deployed and configured in hours and integrated with applications in a few days

Data Integrity

Added servers never introduce data integrity issues or a need for synchronization. 100% consistent,
1-to-1 mapping between PAN input and token is provided by all servers in all data centers. SST
technology ensures that business applications using tokens (loyalty, marketing, fraud, etc.) work
exactly as they did with PANs.

Optional Client-side Tools

Tokenization can be performed using local API calls or command-line operations, and can be scripted
for high-throughput batch operations (e.g. z/OS mainframe applications) with very high performance
and security, never leaving the application environment

Rapid Key Rollover

Rotating the encryption key that protects the token lookup tables distributed across all servers is a
single, efficient, high-speed process that takes just minutes to execute, even during live operations.
There are no token keys to manually manage, replicate, or recover

Dual Controls

Sensitive operations are protected by dual controls – as mandated by PCI DSS compliance guidance.
Voltage dual controls are workflow-based, promoting efficiency as well as security

Layered Authentication & Authorization

Authentication methods can be applied individually or layered for added security. Methods include:
LDAP, Active Directory, digital certificates, IP address verification and custom credential stores;
authorization can make use of existing groups in LDAP or Active directory to simplify configuration
of fine-grained permissions

Fine-grained
Tokenization Permissions

Reduce the PCI DSS scope of certain applications while still allowing them to make use of partially de-
tokenized PAN data. Enables control of scope by controlling exactly what applications are allowed to do:
tokenize only, de-tokenize only, or partial de-tokenization with certain digits blocked.

Rich Formatting Options

The format of tokens can be configured to best preserve functionality in applications that previously
used actual card numbers – eliminating costly application changes. Tokens can also be configured with
substitute alpha characters to enable auditors to clearly distinguish tokenized data.

Token Multiplexing

PCI DSS guidance points to the need to make tokens meaningful and usable only to the particular group
of applications that require them. Token Multiplexing provides a simple way to create token indepen
-
dence between merchants, applications, or lines of business, avoiding the cost and complexity of mul
-
tiple database lookup tables. Token multiplexing can be used to remove high value tokens from scope